Lucene search

5865 matches found

NVD
added 2024/03/20 8:15 p.m. | 27 views

CVE-2024-28868

Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external...

CVSS 5.3 | AI score 4 | EPSS 0.00452
Exploits: 0 | References: 2
OSV
added 2024/03/20 8:7 p.m. | 23 views

CVE-2024-28868 Umbraco possible user enumeration vulnerability

Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external...

CVSS 3.7 | AI score 5.4 | EPSS 0.00452
Exploits: 0 | References: 4
OSV
added 2024/03/20 5:54 p.m. | 26 views

GHSA-552F-97WF-PMPQ Umbraco possible user enumeration

Impact: A user enumeration attack is possible. Affected versions: Umbraco 10 with access to the native login screen. Patches: This is fixed in 10.8.5. Workarounds: Disabling the native login screen, by exclusively using external logins...

CVSS 3.7 | AI score 4.5 | EPSS 0.00452
Exploits: 0 | References: 4
Spring Security Advisories
added 2024/03/19 12:0 a.m. | 16 views

Hello, Java 22!

Update: I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade fo...

AI score 7.2
Exploits: 0
CNVD
added 2024/03/19 12:0 a.m. | 7 views

IBM CICS TX Standard and Advanced suffers from a cryptographic problem vulnerability (CNVD-2024-15366)

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced has a cryptographic issue vulnerability that stems...

CVSS 7.5 | AI score 6.3 | EPSS 0.00486
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/03/18 11:51 p.m. | 6 views

Malicious code in eng-intern-assessment-react-native (npm)

Source: ghsa-malware (89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2024/03/18 11:51 p.m. | 8 views

MAL-2024-1118 Malicious code in eng-intern-assessment-react-native (npm)

Source: ghsa-malware (89b4034292e246b7a29d48d5132016c2ae8beb78c0b6a0794d515aa811e5cc59). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
NVD
added 2024/03/18 10:15 p.m. | 14 views

CVE-2024-28250

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's...

CVSS 6.1 | AI score 6.1 | EPSS 0.00172
Exploits: 0 | References: 4
Vulnrichment
added 2024/03/18 9:42 p.m. | 13 views

CVE-2024-28250 Cilium has possible unencrypted traffic between nodes when using WireGuard and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's...

CVSS 6.1 | AI score 6.7 | EPSS 0.00172
Exploits: 0 | References: 4
OSV
added 2024/03/18 8:33 p.m. | 30 views

GHSA-V6Q2-4QR3-5CW6 Unencrypted traffic between nodes when using WireGuard and L7 policies

Impact: In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies:
- Traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes.
- Traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS prox...

CVSS 6.1 | AI score 6.4 | EPSS 0.00172
Exploits: 0 | References: 6
Positive Technologies
added 2024/03/18 12:0 a.m. | 2 views

PT-2024-22366 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.7; Cilium versions 1.15.0 through 1.15.1; Cilium version 1.14.4 with encryption.wireguard.encapsulate set to false in tunneling mode. Description: In Cilium clusters with WireGuard enabled and traffic matching...

CVSS 6.1 | AI score 6.8 | EPSS 0.00172
Exploits: 0 | References: 18
RedHat Linux
added 2024/03/16 12:33 a.m. | 32 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9 | AI score 7.2 | EPSS 0.00654
Exploits: 0 | References: 3
OSV
added 2024/03/14 3:9 p.m. | 4 views

SUSE-SU-2024:0899-1 Security update for gdb

This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency wi...

CVSS 7.8 | AI score 6.8 | EPSS 0.02256
Exploits: 2 | References: 7
Securelist
added 2024/03/14 10:0 a.m. | 58 views

A patched Windows attack surface is still exploitable

On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of th...

CVSS 7.2 | AI score 7.3 | EPSS 0.32309
Exploits: 5
CNNVD
added 2024/03/13 12:0 a.m. | 3 views

Quarkus Information Disclosure Vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications. An information disclosure vulnerability exists in Quarkus that stems from the presence of an information disclosure vulnerability...

CVSS 3.5 | AI score 6.3 | EPSS 0.00595
Exploits: 0 | References: 4
OpenVAS
added 2024/03/08 12:0 a.m. | 14 views

Fedora: Security Advisory for tomcat-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m. | 14 views

Fedora: Security Advisory for jansi-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m. | 29 views

Fedora: Security Advisory for nekohtml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m. | 12 views

Fedora: Security Advisory for maven-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2
Fedora
added 2024/03/07 10:33 p.m. | 24 views

[SECURITY] Fedora 40 Update: tomcat-native-1.2.36-4.fc40

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits: 3